
[ossec-cvs] ossec-hids: logcollector.c (HEAD) logcollector.h (HEAD) read_nmapg.c (HEAD) [dcid]



Module name:	ossec-hids
Changes by:	dcid	07/08/25 10:24:04

Modified files:
	logcollector.c logcollector.h read_nmapg.c

Log message:
Description: Adding support for mysql logs (.err and .log). Adding support for PostgreSQL as a database output. A few more fixes for the hostinfo stuff... (yes, long morning -- you got to love
saturdays)
Reviewed by: dcid
Bug:

Index: logcollector.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/logcollector/logcollector.c,v
diff -u -r1.37 -r1.38
--- logcollector.c	13 Oct 2006 14:55:39 -0000	1.37
+++ logcollector.c	25 Aug 2007 13:24:03 -0000	1.38
@@ -89,6 +89,10 @@
             {
                 logff[i].read = (void *)read_nmapg;
             }
+            else if(strcmp("mysql_log", logff[i].logformat) == 0)
+            {
+                logff[i].read = (void *)read_mysql_log;
+            }
             else
             {
                 logff[i].read = (void *)read_syslog;
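Review bot: The new `mysql_log` branch stores `read_mysql_log` through a `(void *)` cast, like the branches around it, so the compiler cannot check that the reader's signature matches the way `logff[i].read` is later called. A short comment at the assignment would record the contract, for example `/* reader must be void *(*)(int pos, int *rc, int drop_it); the cast hides mismatches */`. The definition of `read_mysql_log` is not among the three files listed in this commit, so it presumably arrives separately; until it does, this reference will not link. The surrounding if/else chain starts and ends outside the hunk.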

Index: logcollector.h
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/logcollector/logcollector.h,v
diff -u -r1.19 -r1.20
--- logcollector.h	10 Oct 2006 19:07:08 -0000	1.19
+++ logcollector.h	25 Aug 2007 13:24:03 -0000	1.20
@@ -48,6 +48,9 @@
 /* Read nmap grepable format */
 void *read_nmapg(int pos, int *rc, int drop_it);
 
+/* Read mysql log format */
+void *read_mysql_log(int pos, int *rc, int drop_it);
+
 
 #ifdef WIN32
 /* Windows only */

Index: read_nmapg.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/logcollector/read_nmapg.c,v
diff -u -r1.7 -r1.8
--- read_nmapg.c	10 Oct 2006 19:07:08 -0000	1.7
+++ read_nmapg.c	25 Aug 2007 13:24:03 -0000	1.8
@@ -16,7 +16,7 @@
 
 #define NMAPG_HOST  "Host: "
 #define NMAPG_PORT  "Ports:"
-#define NMAPG_OPEN  "open"
+#define NMAPG_OPEN  "open/"
 #define NMAPG_STAT  "Status:"
 
 
@@ -34,11 +34,13 @@
     int filtered = 0;
     char *p, *q;
 
+
     /* Removing white spaces */
     while(*str == ' ')
     {
         str++;
     }
+
     
     /* Getting port */
     p = strchr(str, '/');
@@ -51,25 +53,31 @@
     /* Getting port */
     strncpy(port, str, msize);
     port[msize -1] = '\0';
+
+    
     
     /* Checking if the port is open */
     q = __go_after(p, NMAPG_OPEN);
     if(!q)
     {
         /* Port is not open */
-        filtered = 1;    
+        filtered = 1;
         q = p;
+
+
+        /* Going to the start of protocol field */
+        p = strchr(q, '/');
+        if(!p)
+            return(NULL);
+        p++;        
+    }
+    else
+    {
+        p = q;
     }
     
-
     
-    /* Going to the start of protocol field */
-    p = strchr(q, '/');
-    if(!p)
-        return(NULL);
-    p++;
 
-    
     /* Getting protocol */
     str = p;
     p = strchr(str, '/');
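Review bot: The open-port path (`else { p = q; }`) lands on the protocol field only because `NMAPG_OPEN` now ends in `/`, and nothing in the code records that dependency. If the macro is shortened again, the protocol parse that follows will no longer start on the protocol field. A comment on the define would capture it, for example `/* trailing '/' is required: the end of the match is used as the start of the protocol field */`; this assumes `__go_after` returns the position just past the matched text, which is not visible here. In the not-open branch `q = p;` now only feeds the next `strchr`, so `p = strchr(p, '/');` would be enough. The enclosing function (presumably `__get_port`) begins and ends outside this hunk.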
@@ -248,6 +256,7 @@
         snprintf(final_msg, OS_MAXSTR, "Host: %s, open ports:",
                             ip);
         final_msg_s = OS_MAXSTR - ((strlen(final_msg) +3));
+        
 
         /* Getting port and protocol */
         do
@@ -261,9 +270,10 @@
             p = __get_port(p, proto, port, 9);
             if(!p)
             {
-                merror("%s: Bad formated nmap grepable file (port).", ARGV0);
+                debug1("%s: Bad formated nmap grepable file (port).", ARGV0);
                 break;
             }
+
             
             /* Port not open */
             if(proto[0] == '\0')
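Review bot: Moving the malformed-port message from `merror` to `debug1` means a line that `__get_port` rejects leaves no trace unless debug logging is on, so truncated or corrupted nmap output fed to the collector goes unnoticed in normal operation. If the downgrade is meant to silence a benign case (for example the end of a port list), a comment should say which case, such as `/* debug only: also hit on <benign case>, not just on corrupt input */`. Otherwise keep `merror` for input that really cannot be parsed. The do/while loop this sits in extends beyond the hunk.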
@@ -280,7 +290,7 @@
         }while(*p == ',' && (p++));
        
 
-        if(p && (drop_it == 0))
+        if(drop_it == 0)
         { 
             /* Sending message to queue */
             if(SendMSG(logr_queue, final_msg, logff[pos].file, 
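Review bot: With the `p &&` test removed, the `break` taken when `__get_port` returns NULL no longer suppresses the send, so `final_msg` is queued even when port parsing failed part-way. If the ports are appended inside the loop (not visible here), that can be a bare `Host: <ip>, open ports:` with nothing after it, and downstream host-information comparisons would see an incomplete port list. If sending partial results is intended, say so in a comment at the `if`. Otherwise track whether any port was appended and test it, for example `if(drop_it == 0 && ports_found)` with `ports_found` as a new local set in the loop. The enclosing loop and function continue outside this hunk.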
@@ -293,6 +303,7 @@
                 }
             }
         }
+
         
         /* Getting next */
         continue;

